Brits Hoovered Yahoo Webcams, Say Snowden Papers

A British intelligence agency indiscriminately collected photos from the webcams of Yahoo users and stored them on its servers over a period of several years, The Guardian reported.

Over one six-month period, 1.8 million Yahoo users were targeted by a surveillance program called "Optic Nerve," run by the UK's NSA counterpart, GCHQ, according to a top secret documents leaked by whistleblower Edward Snowden.

Her Majesty's spooks focused on Yahoo webcams because known GCHQ targets were using them, the report said. However, the information gathered by the agency and squirreled away in its databases did not discriminate between who was a target and who was not.

The agency experimented with automated facial recognition to identify existing GCHQ targets and potential new targets, and to identify threats using multiple IDs.

Limits were imposed on access to the webcam database, the report said. Bulk searches, for example, were restricted to metadata. However, analysts were allowed to perform searches based on user names that were similar to those of targets, which could have affected innocent Yahoo members.

New Level of Privacy Abuse

Yahoo condemned the GCHQ's actions in the aftermath of the report.

"We were not aware of nor would we condone this reported activity," reads a company statement.

"This report, if true, represents a whole new level of violation of our users' privacy that is completely unacceptable and we strongly call on the world's governments to reform surveillance law consistent with the principles we outlined in December," it continues. "We are committed to preserving our users' trust and security and continue our efforts to expand encryption across all of our services."

Although the GCHQ used its Internet taps to purloin Yahoo webcam images, it used NSA technology to analyze and search the material, which included information on both UK and American citizens. There are some limitations on the access to information the agency gathers on UK citizens, but there are no restrictions on information it gathers about foreign nationals, including its allies.

"The National Security Agency does not ask its foreign partners to undertake any intelligence activity that the U.S. Government would be legally prohibited from undertaking itself," reads a statement from the NSA. "NSA works with a number of partners in meeting its foreign-intelligence mission goals, and those operations comply with U.S. law and with the applicable laws under which those partners operate."

"A key part of the protections that apply to both U.S. persons and citizens of other countries," it continues, "is the mandate that information be in support of a valid foreign intelligence requirement and comply with U.S. Attorney General-approved procedures to protect privacy rights. Those procedures govern the acquisition, use, and retention of information about U.S. persons."

Feeding Frenzy

The GCHQ appears to have been challenged by the pornographic material it gathered from its sweeps of Yahoo webcams.

"Unfortunately, there are issues with undesirable images within the data," the agency observes in one of the leaked documents. "It would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person."

From three to 11 percent of the webcam imagery scraped from Yahoo contained "undesirable nudity," the agency estimated.

"These latest revelations are more cringeworthy than past revelations because they include the pretty frequent use of the Yahoo video chat for sex play," said Jeremy D. Mishkin, a partner and chair of the litigation department with
Montgomery, McCracken. "It's a different kind of creepiness."

Despite the prudish reactions in the documents about the naughty material gathered from Yahoo, anything that is useful likely will be used.

"It would be stretching naivete to think that if someone gets hold of incriminating stuff that can be used to exert influence that they'll refrain from using it that way," Mishkin told the E-Commerce Times.

These latest disclosures continue to add to a disturbing picture about how intelligent agencies have conducted themselves in the 21st century.

"It's a feeding frenzy," Richard Stiennon, chief research analyst at
IT-Harvest told the E-Commerce Times. "The sharks are in the water and individuals are the chum."

TV vs. Reality

Nevertheless, the question remains, should anyone who puts their mug -- and etc. -- on the Internet have an expectation of privacy?

"Unlike Social Security numbers and other private things we don't display all the time, our face, our fingerprints and many of our biometrics are public," said George Brostoff, founder and CEO of
Sensible Vision, maker of facial recognition software.

"You touch something, you leave a fingerprint. Your face is always in view," he told the E-Commerce Times.

"So, the notion that taking an image from a face is somehow the same as stealing a Social Security number is hard to support, because we always have it out in public," said Brostoff. "I'm not sure once people think about that in the long-term, they'll think there isn't much of an issue with that."

The value of what the GCHQ hoovered from Yahoo is questionable, suggested Brostoff.

"There's a significance difference between what we see in the movies and on TV shows and reality," he said. "Webcam images are not very good for making an excellent database with high accuracy. The technology just isn't there yet."

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on
Google+.